fbpx
Connect with us

Tech

Lots to consider when buying cyber insurance, so do your homework

Published

on

Lots to consider when buying cyber insurance, so do your homework

When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity

Paddy Francis

By

Published: 08 Jul 2022

The purpose of cyber insurance is basically the same as any other form of insurance. Insurance provides protection if a rare but unaffordable event should occur, that could otherwise severely damage the financial position of the business and potentially lead to bankruptcy.

However, as with home or car insurance, where if you leave your car unlocked with the keys in the ignition and it is stolen, or hide your front door key under a plant pot and all your possessions are stolen, then no insurer is going to pay out. Nor is cyber insurance likely to cover intangible impacts such as reputational damage, so it is not an alternative to proper cyber protection. 

Insurance companies are there to make a profit, so on average their pay-outs will be less than the premiums they receive. Nonetheless, because taking precautions such as fitting better locks and alarms can reduce home and car insurance costs, the same principle is true for cyber insurance. The more recognised protection measures that are in place, the lower premiums are likely to be.

This might include certification under the Cyber Essentials Scheme and the ISO27000 series of standards, the use of certified services providers. The company’s own protection and processes and the integration of relevant services into the incident response plan is also important.

This reasonable level of protection needs to be in place for insurance to be valid. In terms of physical security, this would typically mean recognised standards of lock alarm systems, CCTV surveillance, etc.

Nevertheless, what is deemed reasonable and good practice will change over time and is changing more rapidly for cyber security, so it is also important to keep that protection up to date and going further than the minimum required by the insurer may also reduce premiums.

In particular, your backup strategy needs to protect against the latest ransomware attacks, which target the backup as well as online data. Some policies may protect against new and unknown attacks, but probably not a new attack that you should reasonable be expected to know about.

When approaching cyber insurance, the first step is to identify what it is that needs to be protected, for example what are the organisation’s valuable data assets and what systems or services, if impacted by an attack, could severely damage the business? Then, taking these into account, what would be the costs involved should there be an attack? These could include:

  • The cost of responding to the attack itself, either internal, or external service provider costs, media and social media management, etc.
  • Legal and regulatory costs (such as notification to the ICO and affected third parties).
  • Cost of loss of access to systems or data, in particular from a ransomware attack. Including loss of production.
  • Third-party claims – loss of personal data, third-party financial losses, damages for late deliveries, inability to deliver services, etc.
  • Customer claims if your products or services that have been infected with malware are part of a supply chain attack.
  • Reputational damage and other intangible costs that may not be covered.

This should help to identify what any policy should cover and also provide an estimate of the level of cover that may be needed.

Once the need has been identified, it is possible to check insurers’ offers to see how much can be covered. This is never that easy with insurance policies and cyber security can have technical complexities, so will need support from technical and legal experts to comb through the detail and ensure that the cover is appropriate and confirm what is covered and what is not covered. 

This would need to include the identification of specific protection and certification requirements, as well as cover for new and emerging attacks and any potential exclusions, or limitations. For example, are third-party claims and data breaches included? Other considerations might be what advice, guidance or consultancy services are available from the insurer.

Cyber insurance has matured significantly over the past few years, but can still be complex. At the same time, the threat of a cyber attack is changing as quickly as ever and the cost of it can be crippling to some businesses. Cyber insurance is therefore a legitimate tool for many to protect their businesses.

But a degree of diligence is needed in selecting suitable insurance and verifying that the cover is appropriate, as well as the systems are up to scratch so that any claims will be valid.





Read more on Business continuity planning

Go to Source

Click to comment

Leave a Reply

Tech

Stocking stuffer alert: Get 20% off Roblox gift cards for Cyber Monday

Published

on

Stocking stuffer alert: Get 20% off Roblox gift cards for Cyber Monday

Roblox $25 gift card image

Amazon

, Senior Editor

Alaina Yee is PCWorld’s resident bargain hunter—when she’s not covering PC building, computer components, mini-PCs, and more, she’s scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.

Go to Source

Continue Reading

Tech

This game-ready 1440p Dell monitor is a cool $150 on Cyber Monday

Published

on

This game-ready 1440p Dell monitor is a cool $150 on Cyber Monday

Dell monitor on a white background

Dell

, Senior Editor

Alaina Yee is PCWorld’s resident bargain hunter—when she’s not covering PC building, computer components, mini-PCs, and more, she’s scouring for the best tech deals. Previously her work has appeared in PC Gamer, IGN, Maximum PC, and Official Xbox Magazine. You can find her on Twitter at @morphingball.

Go to Source

Continue Reading

Tech

Missed out on the Powerball? This puzzle might help, and it’s $20 today only.

Published

on

Missed out on the Powerball? This puzzle might help, and it’s $20 today only.

2 million dollar puzzle

StackCommerce

Go to Source

Continue Reading
Home | Latest News | Tech | Lots to consider when buying cyber insurance, so do your homework
a

Market

Trending